Logstash query for IPs and GeoData

Blason · October 9, 2018, 5:11pm

Hi Team,

Here is my logstash config file and would like to know that how do I put a filter for IP addresses? *.out can contain domains, URLs, IP addresses or hashes.

So as soon as logstash sees IP addresses geo data has to be created.
Can someone please guide me?

input {

file {
path => "/opt/output/*.out"
start_position => "beginning"
sincedb_path => "/dev/null"
}
}
filter {
csv {
separator => ","
columns => ["IOC","attack","Severity"]
}
}
output {
elasticsearch {
hosts => "http://172.xx.xx.xx:9200"
index => "logstash-iti-%{+YYYY.MM.dd}"
}
}

TIA
Blason R

Blason · October 10, 2018, 3:44am

Hi Team,

It may sound basic but honetly I am not getting any clue here as to how to parse the and check for IOC column and if that contains IP need to add GEO data.

system · November 7, 2018, 3:44am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.